You shouldn’t do this! This is vulnerable to SQL injections.
Have you inspected the actual value of var1, maybe it is not exactly what you expect it to be? Have you tried hardcoding it to a value you know it does exist in the database? Have you tried the sugared version of prepared statements? db.Query("select UserID, CurrentDB from optUsers where LoginHash = ?", var1)
I can not currently set up a testprogram on my own, as this computer is rather limited in its ressources and installing more would probably spill the disk 